CVE-2015-3043

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042.

References

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html

http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html

http://rhn.redhat.com/errata/RHSA-2015-0813.html

http://www.securityfocus.com/bid/74062

http://www.securitytracker.com/id/1032105

https://helpx.adobe.com/security/products/flash-player/apsb15-06.html

https://security.gentoo.org/glsa/201504-07

https://www.exploit-db.com/exploits/37536/

Details

Source: MITRE

Published: 2015-04-14

Updated: 2018-10-30

Risk Information

CVSS v2

Base Score: 10

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

OR

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2

AND

OR

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:14.0.0.125:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:14.0.0.145:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:14.0.0.176:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:14.0.0.179:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:15.0.0.152:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:15.0.0.167:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:15.0.0.189:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:15.0.0.223:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:15.0.0.239:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:15.0.0.246:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:16.0.0.235:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:16.0.0.257:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:16.0.0.287:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:16.0.0.296:*:*:*:*:*:*:*

cpe:2.3:a:adobe:flash_player:17.0.0.134:*:*:*:*:*:*:*

OR

cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:novell:suse_linux_enterprise_desktop:11.0:sp3:*:*:*:*:*:*

cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*

cpe:2.3:o:novell:suse_linux_enterprise_workstation_extension:12.0:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 4

OR

cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:5.0:client:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_supplementary:5.0:server:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*

Tenable Plugins

View all (13 total)

IDNameProductFamilySeverity
8834Adobe AIR < 17.0.0.172 Multiple Vulnerabilities (APSB15-06)Nessus Network MonitorWeb Clients
high
8815Flash Player < 13.0.0.281 / 17.0.0.169 Multiple Vulnerabilities (APSB15-06)Nessus Network MonitorWeb Clients
high
8814Flash Player < 17.0.0.189 (inferred) Multiple Vulnerabilities (APSB15-06 through 11) Nessus Network MonitorWeb Clients
high
84160Adobe AIR for Mac <= 17.0.0.144 Multiple Vulnerabilities (APSB15-06)NessusMacOS X Local Security Checks
critical
84156Adobe AIR <= 17.0.0.144 Multiple Vulnerabilities (APSB15-06)NessusWindows
critical
84072GLSA-201504-07 : Adobe Flash Player: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
82890FreeBSD : Adobe Flash Player -- critical vulnerabilities (3364d497-e4e6-11e4-a265-c485083ca99c)NessusFreeBSD Local Security Checks
critical
82823MS KB3049508: Update for Vulnerabilities in Adobe Flash Player in Internet ExplorerNessusWindows
critical
82819SuSE 11.3 Security Update : flash-player (SAT Patch Number 10615)NessusSuSE Local Security Checks
critical
82812RHEL 5 / 6 : flash-plugin (RHSA-2015:0813)NessusRed Hat Local Security Checks
critical
82807openSUSE Security Update : Adobe Flash Player (openSUSE-2015-304)NessusSuSE Local Security Checks
critical
82782Adobe Flash Player <= 17.0.0.134 Multiple Vulnerabilities (APSB15-06)NessusMacOS X Local Security Checks
critical
82781Adobe Flash Player <= 17.0.0.134 Multiple Vulnerabilities (APSB15-06)NessusWindows
critical